Departing engineer downloaded full customer export 36h before resignation effective date
A medium Cybersecurity scenario on Insider Data Leak.
Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Launches this exact scenario. One of 5 templates in this Track + Difficulty pool.
catalog id · insider-data-leak-departing-eng
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Insider-risk-aware data triage
- Evidence-preserving departing-employee response
- Exfiltration Over Web Service · ExfiltrationT1567 · TA0010MappedHigh confidence
Trains defensive triage of insider-style web-service outbound transfers.
- User Behavior AnalysisD3-UBAMappedHigh confidence
Trains the behavior-analysis posture that surfaces anomalous departing-user activity.
- User Account PermissionsD3-UAPMappedMedium confidence
Trains the permission-scoping control that limits departing-user blast radius.
- Data Security · ProtectPR.DS · PRMappedHigh confidence
Trains the data-security baseline against insider exfiltration.
- IR lifecycle phaseDetection & AnalysisMappedHigh confidence
Trains evidence-aware triage of insider data movement.
- IR lifecycle phasePost-Incident ActivityMappedMedium confidence
Trains HR/legal coordination and lessons-learned discipline.
- Revoking Credentials for Departing Employees2.DMappedHigh confidence
Trains the departing-credentials baseline.
- Secure Sensitive Data2.IMappedMedium confidence
Trains the sensitive-data control under departure pressure.
- Data ProtectionControl 3MappedHigh confidence
Trains the data-protection control the scenario exercises.
- Account ManagementControl 5MappedHigh confidence
Trains the account-lifecycle control around the departing user.